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Optimization of Cyclic Redundancy-Check 
Codes with 24 and 32 Parity Bits 


Guy Castagnoli, Stefan Brauer, and Martin Herrmann 


Abstract—The method of Fujiwara et. al. for efficiently com- 
puting the minimum distance of shortened Hamming codes via 
the weight distribution of their dual codes is extended to treat 
arbitrary shortened cyclic codes. Using this extended method 
implemented on a high-speed special-purpose processor, several 
classes of CRC codes with 24 and 32 parity bits have been 
investigated. The CRC codes of each class are known to have 
the same minimum distance d,,i,,, in a certain range L of 
block lengths n, and within each class, that CRC code has been 
determined whose minimum distance exceeds din, up to the 
largest block length. The dmin profiles of the resulting codes, i.e., 
the minimum distances dmin as a function of the block length 
n, are presented and compared with the din profiles of recent 
suggestions of Merkey and Posner, as well as with the dmin profile 
of the widely used 32 parity-bit standard code recommended in 
ITEEE-802. The optimization of the dmin profile is warranted by 
the fact that given the number of p of parity bits and the block 
length n, it is the minimum distance that determines the order 
of magnitude of the probability P,e of undetectable errors on 
low-noise binary symmetric channels (BSC’s). This is seen from 
plots of P.e versus n for our codes and for the IEEE-802 code 
on a low-noise BSC and on a fairly noisy BSC. 


I. INTRODUCTION 


YCLIC redundancy-check codes (CRC codes) are used 

for detecting errors that occur during transmission of 
digital (binary) information. This is done by appending to a 
block 


*st—1] (1) 


of k binary information digits i, 1 = 0,1,---,k — 1, a block 


t= lio, 21, °° 


pi [ro ri, =, rp-1] (2) 


of p parity bits r;, 7 = 0,1,---,p— 1, yielding a frame (or 
codeword) c = [r,i] consisting of n = k + p binary digits. 
The block r of parity bits is computed from i, using a linear 
feedback shift register (LFSR) in such a way that 


r(x) = (x? - i(x)) mod g(x) (3) 


where 


j def . . > = 
I(r) È ioti tte + ipa ah} 


(4a) 
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and 


r(x) dE tn Eee by oP! (4b) 
are the information and parity bits, respectively, interpreted as 
polynomials, and where g(x) is the generator polynomial of 
the code and is implemented in the LFSR. Error detection at 
the receiving end is achieved by computing the parity bits from 
the received information block 2 and comparing these with the 
received parity bits 7. Any discrepancy between these two sets 
of parity bits then indicates the presence of transmission errors 
in the received frame. It is possible, however, that transmission 
errors reside in the received frame that cannot be detected 
by this procedure. Whenever channel noise affects both the 
information block i and the block r of parity bits in such a 
way that the received frame ¢ = [f2] satisfies 


Pa) = (æ . i(æ)) mod g(z), (5) 


the errors cannot be detected by parity checking. The perfor- 
mance of a CRC code is thus measured by the probability 
Pae of undetectable channel errors occurring. An undetectable 
error pattern e can also be viewed as one transforming a 
given codeword c into a different codeword c’ = c + e. 
Due to the linearity of CRC codes, the undetectable error 
patterns are precisely the nonzero codewords. The undetected- 
error probability P,e is thus the probability that channel noise 
produces an error pattern equal to a nonzero codeword of the 
CRC code. On a low-noise binary symmetric channel, which 
tends to produce low-weight error patterns more frequently 
than error patterns with a large Hamming weight, it thus 
appears reasonable to use a CRC code that has a maximum 
minimum distance. Indeed, as a computation of P,e for 
specific CRC codes shows, dmin does dominate the undetected- 
error probability on low-noise BSC’s. Correspondingly, our 
following investigation of CRC codes aims at determining 
dmin at various block lengths and at optimizing the dmin 
profile, i.e., dmin as a function of the block length n. 

In Section II, we present our extension of Fujiwara’s algo- 
rithm. While the method of Fujiwara et al, [1] is for deter- 
mining the minimum distance of a shortened Hamming code 
via the weight distribution of its dual code, we can perform 
Fujiwara’s algorithm with no restrictions on the factorization 
of the generator polynomial g(x) of C. In Section IM, we 
present the dmin profiles, i.e., the minimum distances at all 
block lengths, of the best CRC codes that resulted from our 
search for good CRC codes with 24 and 32 parity bits. For 
reasons of comparison, the dmin profiles of the CRC codes 
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proposed by Merkey and Posner [2] and of the widely used 
IEEE-802 standard are also presented. Moreover, we have 
plotted the probability Pue of undetectable errors for our codes 
and for the standard code [IEEE-802 on both a low-noise binary 
symmetric channel (BSC) and a fairly noisy BSC. Section IV, 
finally, contains some concluding remarks on the usefulness 
and properness of our codes. 


II. A METHOD FOR COMPUTING THE MINIMUM DISTANCE OF 
CRC CODES VIA THE DUAL CODE’S WEIGHT DISTRIBUTION 


The minimum distance of a CRC code at a given block 
length can be determined in principle by explicitly computing 
the Hamming weight of each nonzero codeword and keeping 
track of the smallest determined Hamming weight. However, 
in general, there are far too many codewords to check, e.g., if 
k = 1000, then there are 219° œ~ 10300 codewords, and so this 
procedure is computationally infeasible. Fortunately, though, 
there exist the MacWilliams’ identities (6) [3], [4] 


l-z 
AM (z) = 2P (1 +2) B® 6 
(2) = 271 4 2)"B ( © 
which express the weight distribution A™® (2) a Aw) + 


AQ) z+- -4+ AQ?" of a CRC code at length n in terms of the 


weight distribution B™(z) $f B® + BM 24... 4 BO 2” 


of its dual code C1, which is the code orthogonal to C in 
GF(2)". Thus, knowing how many codewords of the dual 
code have a Hamming weight of 2, for ¿ = 0,1,---,n, we 
can apply MacWilliams’ identities to determine the weight 
distribution of the CRC code itself at the respective block 
length, and thereby also its minimum distance dmin. Since 
the MacWilliams’ identities constitute a linear transformation, 
they are not overly time consuming to apply, and since the dual 
code of a CRC code has “only” 2? codewords at every block 
length, we see that for CRC codes C with p = 24 or p = 32 
parity bits, it is indeed possible to compute d,,j, via the weight 
distribution of its dual code C1. Since there are many CRC 
codes from which to choose an optimum, this computation 
must be repeated very often. Therefore, it is still material to 
compute the 2? codewords of the dual code efficiently. While 
the direct computation of each codeword requires 2?-n “steps,” 
the method presented in this paper takes between 2? and 2? -2 
steps, depending on the block length n. For typical n (e.g., 
n = 1000), this constitutes a significant gain, especially when 
dealing with CRC codes with 32 parity bits where the factor 
2P ~ 4.3-10° alone indicates that either method is at the verge 
of computational intractability.! 

Consider the (n — p) x n binary generator matrix G of the 
shortened cyclic code C of length n generated by g(x) = 
Go + git + + gpa? + zP: 


G= 


lOur method was implemented on a special-purpose processor that runs 
with a 40 MHz clock, and thus takes between 107 and 215 s to determine 
dmin Of a 32 parity-bit CRC code at a given block length. 

2 Fujiwara et al. [12] used a method to determine the minimum distance 
of a CRC code directly. It is more efficient than our method, but does not 
yield the dual code’s weight distribution which is needed to determine the 
properness of the codes. 
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go 91 Jp-1 1 
go $i >` Gp-1 1 
go g me gp-1 l1 
go g Gp-1 l 
(7) 


The generator matrix G is at the same time the parity-check 
matrix of the dual code C, of C, and we can see that the 
digits c; of the codewords in the dual code constitute a linear 
recurring sequence with the recurrence relation 


Ci = JoCi-p + 91Ci-p41 + °° *Jp-1Ci-1, 
t=p,p+1,---,n. (8) 


The recurrence relations (8), which hold for the infinitely 
continued sequence co, C1, C2,:--, can be expressed through 
the rationality of the formal power series 


1 e on Cj 
(Ea © 


i=0 


(+) glz) = u(x) 


where u(x) is a polynomial with deg u(x) < deg g(x). Given 
u(x), we can obtain c(1/x) by expanding the rational function 
u(x)/9(z) in powers of x~}. This can be realized by a linear 
feedback shift register (LFSR) in which a shift operation 
transforms its state u(x) into (x - u(xz)) mod g(x). 


u(t) ug Fetes + Upaiz? 
gl£) got ge +++) + Gp-1aP7! + aP 
uor + ur? fee + tpi 
go + ie +-+ + gp-12P7! + xP 
 up-19(2) + 2 - ule) — up-1g(2) 
g(x) 
— Upa + z -u(x) mod g(x) , (11) 
x g{x) 

The outputs of this shift register constitute the digits of a 
dual codeword. For every initial LFSR content, we obtain a 
different codeword, and since there are 2” initial LFSR states, 
we can compute in this way all codewords of the dual code to 
the CRC code at any desired length. Rather than initializing the 
LFSR 2? times, i.e., once for each new codeword, we proceed 
as follows. Having computed the weight of one codeword, 
we can determine the weight of a further codeword without 
reinitializing the LFSR by simply shifting the LFSR one step 
and discarding the first digit of the old codeword. The change 
in weight between the old and new codeword (either 0, +1, or 
—1) is determined from the new digit and the discarded digit. 
The most efficient way to realize this idea is by operating 
two LFSR’s as follows. Load a particular initial state u(x) 
into two LFSR’s, and then compute the Hamming weight w 
of the corresponding codeword in C, of desired length by 
operating the first of these LFSR’s n times and counting the 


by 


(10) 


1 
T 
1 
x 
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number of output 1’s. The first LFSR state is thereby set 
to u,n(z). Now, shift both LFSR’s simultaneously. The first 
LFSR [the “leading LFSR,” starting at un(x)] produces a new 
digit, while the second LFSR [the “trailing LFSR,” starting at 
uo(x)] outputs the discarded digit. Using this method, which 
is due to Fujiwars et al. [1], and which was independently 
discovered by Giinther [5], we can compute the Hamming 
weight of further codewords with only one shift per codeword. 
However, we compute the weights of new codewords only as 
long as we reach new LFSR states u;(x). Depending on uo(z) 
and g(x), we can determine the number of codewords that are 
encountered starting at uo(x) by first noting that the state of 
the trailing LFSR after N shifts will be 


un(x) = £” - ug(x) mod g(x). (12) 


Now, un(£) = uo(x) holds exactly when g(x) divides 
uo(x)- (aN — 1). This is equivalent to g(x)/ged(g(x), uo(x)) 
dividing z^ — 1. Thus, the number N of different codewords 
produced will be 


N= ora( (13) 


g{x) ) 
ged(g(x), wo(x)) 
Therefore, if and only if g(x) is a primitive polynomial, i.e., 
if and only if g(a) satisfies 


ord g(x) = 2489) — 1 (14) 


will all nonzero codewords be encountered when starting 
from a single nonzero initial state uo(x). When g(x) is not 
primitive, the nonzero LFSR states are partitioned into several 
equivalence classes that we will call cyclic cosets and that are 
defined by the equivalence relation 


ulz) = v(x) => Jj 


such that v(x) = (x - u(x)) mod g(x). (15) 


In this case, several initial states (coset leaders) ug(z) must 
be used, and we now show how to determine these. 
Consider the factorization g(x) = [JŽ gi(x)* of g(x) into 
irreducible polynomials. With any shift register state u(x), 
associate the partial fraction decomposition of u(x)/9{x): 


J 
o 2 ney 
where 
deg u;(x) < deg g(x)" Vi. (17) 
The J-tuples 
(ui(z), ua(£) +++, us(a)) € GF(2)fe]/(91(2)") x +- 
x GF(2)[2]/(gs(@)") (48) 


as isomorphous as a commutative ring to the residue class 
ring 


GF(2){z]/(g(#)) . (19) 
The isomorphism ø is established through 
a: u(x) (ui (x), +++, uz(x)) (20a) 
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with 


u;(v) Œ u(x) mod gi(x)® . (20b) 


The inverse isomorphism o~} is defined by 


J 
u(x) = (x: ui (x) - via) S| mod g(x) (20c) 
i=0 aye 


where v;(x) is the multiplicative inverse of g(x)/gi(x)° in 
GF(2)|e|/(g:(2)*). 

By this isomorphism, the J components of the elements 
x'u(x) mod g(x), L = 1,2,---, of a cyclic coset of each 
constitute cyclic cosets of their own. The problem of finding 
a set of representatives (coset leaders) of the cyclic cosets in 
GF(2){x]/(g(x)) is thus reduced to finding such representa- 
tives of the J component cyclic cosets in GF'(2)[x]/(gi{2)*) 
for i = 1,---,J, and then to combining these in all possible 
ways. Assume that we have already solved the problem in each 
of the component residue class rings separately. Furthermore, 
let (cj) be a cyclic coset in the jth residue class ring for 7 = 
1,-+-, J. Now, we wish to determine all cyclic cosets (c) in the 
ting GF(2)[x]/(g(x)) that have as component cyclic cosets 
exactly the given cosets (cj), j = 1,2,---,J. If dj denotes 
the number of elements in the jth component cyclic coset 
(cj), and if an denotes the element (x* - cj(x)) mod g;(2)”, 
then a set of coset leaders of these cyclic cosets (c) in 
GF(2)[2]/(g(x)) is furnished by 


(a, of?) e, ee (21a) 
where 
0<k, < K;-1 for? = 2,-°-,J (21b) 
and 
K; Č ged(d;,lem(di,dz,---,dj-1)).  @lo) 
Hence, the total number of equivalence classes is 
z d di : icm(d1, +++, di— 
veee ay 
didz dy (22) 


z lem(d1, d2, ++, dz) i 


We can understand this by the following principle. 

Action of a Cyclic Group on a Cartesian Product: 

If, under the action of a cyclic group G = (c) on a finite set, 
we have two orbits 7 and T> of sizes dı and do, respectively, 
then on the Cartesian product T S T; x To, which has d; - d2 
points, the group G induces an action that partitions T into 
orbits of Icm(d), d2) points. There are, hence, 


dy + do 
= ————_. = gcd(d;,d 23 
lem(d;, d2) ged( dy , da) (23) 
orbits. As coset leaders for these orbits, one can take 
(i) where0<k<N-1 (24) 


and where i is the image of t; under the action of c* € G. 


Authorized licensed use limited to: Indian Institute of Technology Hyderabad. Downloaded on September 13,2021 at 11:20:12 UTC from IEEE Xplore. Restrictions apply. 


886 


Proof: Since the orbit of ¢; under the action of the cyclic 
group G = (c) contains d; points, we have 


tO = ti e d;l fori = 1,2. (25) 


Therefore, 


0 = t, i=1,2 <> lIem(d;,d2)|I (26) 


and so the product orbit contains Icm(dj,d2) points. The 
elements (t,t), with 0 < k < N —1, are on distinct 
orbits since the subgroup of elements in G that keep tı 
fixed is (c#1), and hence these elements map t9 ) onto el- 
ements an aie 42) whose “indexes” (j +l- ged(di, d2)) 
are congruent modulo N = ged(d;, d2). 

We are left with the problem of finding the coset leaders 
of the cyclic cosets defined by (15) in the case where g(x) = 
f(x)® is a power of an irreducible polynomial f(x). In this 
case, the ring 


A= GF(2)[x]/(f(2)") 


is irreducible, i.e., it cannot be decomposed further into a direct 
sum of other rings. The simplest instance is when g(x) = f(z) 
is primitive. Then there are only two equivalence classes of 
LFSR states, that of the zero state u(x} = 0, and the cyclic 
coset of all nonzero states for which we can take u(x) = 1 as 
coset leader. This was the situation considered by Fujiwara et 
al. [1] who investigated shortened Hamming codes. 

The next simplest case is when g(x) is irreducible, but not 
primitive. Let m = deg g(x) and n = ord g(x). Apart from 
the cyclic coset of the zero state, which is always present, we 
have several cyclic cosets of nonzero states. Let a(x) be a 
representative of a primitive element of the finite field 


F = GF(2)[z]/(9(2)) 


such that the root z of g(x) in F'[a] can be expressed in F 
as x = a(x)’ with 


(27) 


(28) 


def 2 — 1 


tE (29) 


n 
If we write the nonzero state u(x) as u(x) = a(x)? mod g(x), 
the cyclic coset 


{u(x), (x. ulz)) mod g(x), (x? - u(z)) mod glz), -} ; 
(30) 


written in terms of indexes with respect to a(x), reads 


i itt it Qty, (31) 


from which we see that the indexes of the states equivalent 
to u(x) are precisely those indexes that are congruent to i 
modulo ¢. Hence, a set of coset leaders of the cyclic cosets of 
nonzero states is given by 


a(z) = a(x)’ mod g(x) with ¢=0,1,---,¢é-—1. (32) 


We now come to the most general case where g(x) is a 
power (at least 2) of an irreducible polynomical f(x). In this 
case, the multiplicative structure of the irreducible ring (27) 
of residue classes modulo g(x) is no longer a cyclic group, as 


IEEE TRANSACTIONS ON COMMUNICATIONS, VOL. 41, NO. 6, JUNE 1993 


in the case of the finite field F, but is only a semi-group. 
Fortunately, x is coprime with g(x) = f(x)*, so that the 
greatest common divisor of the elements of a cyclic coset with 
g(x) is the same for all elements, namely, f(x) for some s 
with 0 < s < e. The nonzero cyclic cosets can therefore be 
grouped according to the multiplicity of f(x) in their elements. 
If 


u(x) = Ua)» f(a)” 


with f(z,+ U(x), then the elements equivalent to u(z), 
(x! - u(ax)) mod g(x) with 1 = 0,1,2,---, can be computed 
as 


(a! u(x)) mod f(x)° = (xalx) f(x)? )mod f(x) 


= (#'t(x) mod f(x") - f(a)", 
(34) 


(33) 


i.e., these elements are f(x)* times the elements of equiva- 
lence classes of polynomials that are coprime with f(a) and 
that are taken from the irreducible ring GF'(2)|z]/(f(z)°~*). 
We have thus reduced the problem of finding the coset leaders 
in GF(q)[z]/(f(z)*) to the problem of finding them in the 
multiplicative groups M; of elements coprime to f(x), where 

M, = (GF(2)(2)/F(0)"') t=1,2, e. ~ G5) 
The groups Ms, which are commutative and finite, posses a 
decomposition 


Mı = (aj) x (a2) x --- x (ar) (36) 
as a direct product of cyclic subgroups (a;); see [6, p. 7]. 
Hence, we must find generators a; of these subgroups of M}. 
Then, in principle, we could determine a set of coset leaders 
using properties of the action of a cyclic group on Cartesian 
products. This would require, however, that we determine the 
representation of x € M as a product of powers of the a,’s, 
which is a little more than is needed in the method that we 
actually use here. 

Generators of (GF(2)(x]/(f(a)"))* [7]: The multiplicative 
group M; of elements coprime of f(x) of GF(2)[x]/(f(z)‘), 
for t > 2, possesses the following set of generators. The 
“primitive” generator ap = (ap(£)), which has order 24°8/ —1, 
and the generators a; x = (aj k(£)) of the 2-Sylov subgroup? 
P® of Mi, where 


142k 
) 


ajk =1+2 -f(z (37) 


for 0 < j < deg f — 1 and O < k < |(t — 2)/2|. The order 
of ajk is 


nje = 2['082 me] (38) 
Lemma [7]: The order of x € M; is 
ord z = ord f- 2!losatl , (39) 


3 The p-Sylov subgroup of a finite commutative group G is that subgroup 
of G consisting of all elements whose order is a power of the prime p. 
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Following a suggestion of Günther [5], we can write (x), 
the cyclic group in M; that is generated by x, as the direct 
product of (x2) and (xp), where 


E pords (40) 


T2 


and 


Tp def „2flog: t] | (41) 
Therefore, as follows from (39), £2 has order glee. l, and 
thus z2 € P“), With respect to the generators a; ; of P®, xe 
has the representation 


(42) 


The order of x, is ord f and (x,) is a subgroup of (ap). 
Without loss of essential generality, we can assume that 
adeg f _] 


= ord f 
Lp = üp 


(43) 


In this special case, the equivalence relation (15) defining our 
cyclic cosets is 


u(x) = v(x) 
< 
J k,l such that v(x) = (p(2)" - x9(a)! - u(z)) mod f(z)*. 
(44) 


Since the order of xo is 2/9824], i.e., maximal in P©, it 
follows from (38) that in (42), at least one of the a;,,’s with 
k = 0 must have an odd exponent s; x. Therefore, if we can 
find a jo such that the exponent s;, 9 of @;,,9 in (42) is odd, 
then we can replace a,, 9 by 2 as a generator in P“) and still 
have a direct product decomposition of M+. In this case, a set 
of coset leaders of the cyclic cosets with elements coprime to 


f(x) is given by 
IT 


(9,6) #(Jo ,0) 


where 0 < i, < (2%°8f — 1) /ordf—1 and 0 < ijk <nja-l. 

We are now left with determining a value jo such that 
2 f Sjo- Considering (42) in terms of representatives in 
GF (2){z] and taking it modulo f(z)?, we obtain 


za(s) = [[ ape) = [I aoa) 
jk j 
= [] colr)? mod f(a)’. 
j 


Cip, j,k(£) = ap(£)” > ajs(2) > "mod f(a)’ (45) 


(46) 


Now the elements y € P“), i.e., of order equal to a power of 
2, have representatives of the form 

y(z) =1+ a(z): f(x); 
see [7]. The arithmetic of P), when expressed in terms 
of the polynomials o(x) in (47), is polynomial addition [7], 
e.g, if y(x) = 1+o;(x)- f(x) for i = 1,2, then F ig 
yi(x)-yo(x) mod f(z)’, written in the form F(z) = 14+3¢(2): 
f(x), has F(z) = o)(") + o2(x). From ajo(x) = 1+ 27 - 


(47) 


f(x) = 1+.;(x)f(x), we see that (x) = 2, i.e., o;(x) 
corresponds to a “unit vector.” Hence, if the jth coefficient of 
a(x) in the representation 

w(e)=1+ a(x): f(z) (48) 
of w(x) = x(x) mod flay is nonzero, then sjo is odd, 
and we can set jo = j. 


JII. OPTIMIZATION OF CRC CODES WITH 24 AND 
32 PARITY BITS 


Using an implementation on a high-speed special-purpose 
processor of the method of Section II for determining the min- 
imum distance of CRC codes, an extensive search for “good” 
CRC codes has been conducted among several classes of 
generator polynomials. These classes of generator polynomials 
consist of polynomials that generate shortened cyclic codes of 
a given minimum distance dmin,, in a certain range L of block 
lengths n. Among two generators in such a class, that one is 
considered better for which the minimum distance dmin(n) of 
the length n shortened cyclic code is greater than dmin,L up to 
a larger block length n. In the following, we present the best 
CRC codes that resulted from our search. We also compare 
these with several recent suggestions of Merkey and Posner 
[2], as well as with the standard code IEEE-802. In describing 
the classes of generators in which our search was carried out, 
we make frequent use of the following lemma. 

Lemma [7]: Consider the generator polynomial g(x) € 
GF(2)[¢] with simple roots and order n such that (x+ 


1)|g(x). Let the minimum distance of its generated CRC code 


C at block length n be d. Then the polynomial g(x) G 


(x + 1)-g(x) generates a CRC code C with minimum distance 
d = d at block length n + 1 and dmin = 4 at block lengths 
ranging from n + 2 to 2n. 


A. CRC Codes with 24 Parity Bits 


The code CRC-24/6.1 was obtained starting from the class 
of CRC codes with 23 parity bits whose generator polynomial 
factors into (x + 1) and two distinct primitive polynomials 
of degree 11 in GF(2)[z]. This class contains, in particular, 
the primitive BCH codes of length 21! — 1 = 2047 whose 
generator polynomials have the factors (x + 1), Me (x) and 
MG? (x) and thus by the BCH bound [9, p. 269], have 
minimum distance dmin > 6. Now, generator polynomials 
of degree p and order n can be partitioned into equivalence 
classes defined by 


G(x) = g(x) 
< 
Jt € N such that g(x) = gcd(g(x*), £” — 1) 


where gcd (t,n)=1. (49) 


Equivalent polynomials, in the sense of (49), generate cyclic 
codes of the same rate, length, and minimum distance. Hence, 


4g) (x) E GF(2)[r] denotes the minimal polynomial of œa, where a 
is a primitive element of GF(21?). 
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TABLE I 
dmin(n) VERSUS n FOR THE Copes CRC-24/6.1 AND CRC-24/6.2 AS WELL AS THE Copes MP-CRC-24/6.1 AND MP-CRC-24/6.2 


n 


n n 


dmin CRC-24/6.1 CRC-24/6.2 MP-CRC-24/6.1 MP-CRC-24/6.2 
16 25,---, 26 
14 25 
12 26 
10 27,---. 36 27,+-+, 41 
8 37,+++, 83 42.---. 95 25,- --, 68 Po 
6 84,- -, 2050 96,---, 2048 69,- -, 2048 56,- -- , 2048 
4 2051, - - - , 4098 2049,--- , 4094 2049,---, 4094 2049, - - - , 4094 
2 >4099 >4095 >4095 >4095 

from each class of CRC codes generated by equivalent polyno- TABLE II 


mials, only one member was tested at its cyclic block length. 
The CRC codes in those classes that meet the BCH bound, 
in particular the class containing the BCH codes, were then 
further considered. In order to obtain generators of degree 24, 
they were first multiplied by (2 + 1), which at the same 
time increases the block length n up to which din > 6 to 
n = 2048. By our lemma and by the equivalence relation (49) 
of cyclic codes, these polynomials are all generators of CRC 
codes of the given form that have dyin > 6 up to n = 2048. 
Hence, having investigated only the equivalence classes (49) 
of simple-root cyclic codes whose generators of degree 23 
factor as indicated, we could determine all generators with 
(a + 1)? as a factor and two distinct primitive polynomials 
of degree 11 that generate shortened cyclic codes that have 
dmin > 6 at n = 2048. These resulting generators were then 
compared in terms of the dmin profile of their generated CRC 
code. The best code thereby found, our code CRC-24/6.1, has 
dmin > 8 up to the largest block length, n = 95, among all 
these codes. 

The code CRC-24/6.2 is the optimal code in the class of 
CRC-24 codes generated by polynomials g(x) that are the 
product of (x + 1)? with an irreducible polynomial f(z) of 
degree 22 and order 21! + 1 = 2049. As follows from Tzeng 
and Hartmann [10], cyclic codes with generator polynomials of 
the form (x + 1)- f(x), where f(x) € GF(2)[z] is irreducible 
of degree 22 and order 2049, have dmin = 6. Therefore, by 
our lemma, the CRC-24 codes with generators (x + 1)”- f(x), 
f(a) as before, have dyin = 6 up to the block length 
n = 2050. Our code CRC-24/6.2, which is the best CRC 
code in this class, has dmin > 8 up to the block length 
n = 83, and hence is not quite as good as the code CRC- 
24/6.1. The minimum distance profiles of the two CRC-24 
codes CRC-24/6.1 and CRC-24/6.2 are listed in Table I, which 
also contains the dmin profiles of two corresponding CRC 
codes that have been suggested by Merkey and Posner in [2]. 

The code CRC-24/5.1 was optimized among the codes 
generated by an irreducible polynomial of degree 24 and order 
212 41 = 4097. Codes of this type were first suggested 
by Zetterberg; see [10]. The Zetterberg codes have minimum 
distance 5 at their cyclic block length and are optimal at the 
block length, i.e., there exists no binary (4097, 4073) block 
code with minimum distance greater than 5, as follows from 
the Hamming bound. In [7], the optimallity is proven in all 
cases of binary cyclic codes with 4k parity bits and order 


dmin(n) VERSUS n FOR THE Copes CRC-24/5.1 AND CRC-24/5.2 


dmin CRC-24/5.1 CRC-24/5.2 
15 25 25,---, 26 
12 27 aes 58 
11 29,--+, 31 
10 26,---, 33 32,--+, 33 
9 34,---, 35 
8 36,---, 41 
7 34,---, 37 42,---,77 
6 38,---, 252 78,-+-, 217 
5 253,--+, 4097 218, +++, 4095 
2 24098 >4096 
TABLE III 
dmin(n) VERSUS n FOR THE CODE CRC-24/4 
dmin CRC-24/4 

12 25,---, 30 

10 31,.+-, 36 

8 37,---, 61 

6 62,- -- , 846 

4 847,---, 8388 607 

2 >8388 608 


22k + 1. The dmin profile of the code CRC-24/51. is given in 
Table II. For reasons of comparison, Table II also contains the 
dmin profile of the code CRC-24/5.2, which is the best code 
in the class of CRC-24 codes with a generator polynomial 
g(x) that factors into two irreducible polynomials of degree 
12 and orders 21? — 1 = 4095 or 4095 or (2)? — 1)/3 = 1365, 
respectively. Note that the code CRC-24/5.2 has dmin = 6 
only up to n = 217, whereas CRC-24/5.1 has dmin = 6 up 
to n = 252. 

The code CRC-24/4 is the CRC code that has dyin = 6 up 
to the largest block length among all generator polynomials of 
the form (x + 1) - p(x) where p(x) is a primitive polynomial 
of degree 23. The dmin profile of this code is given in 
Table II. CRC codes with a generator polynomial g(x) of 
the form g(x) = (x +1)- q(x), where g(x) is an irreducible 
polynomial of order (27° — 1)/47 = 178481, were found to 
have dmin(n) = 6 only up to n = 763. These codes are 
therefore inferior to CRC-24/4. 

Table IV lists the generator polynomials of CRC-24 codes 
treated in this paper, together with their most important 
parameters. In Fig. 1, we give typical values (see Note 1 
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TABLE IV 
GENERATOR POLYNOMIALS g(x) OF THE CRC-24 Copes 


CRC Code Ne g(x) 
CRC-24/6.1 4094 127 266 713 
CRC-24/6.2 4098 136 600 675 
MP-CRC-24/6.1 4094 114 430011 
MP-CRC-24/6,.2 4094 120 013 007 
CRC-24/5.1 4097 114.377 431 
CRC-24/5.2 4095 126 742 365 
CRC-24/4 8 388 607 114 505 543 


Factorization of g(x) 


m 2 
5711-5657 -3-3= MG? (2). MG™ (ay. (an? @) 


23 325 331-3-3 = MP4) (a). (MDa) 
T745 -7371 -3:3 = MG (ny. 1449) (z) (u(x) 
5253 - 5001 - 3- 3 = MD (2). ME (a). (MPY 

114377431 = MÉ 383635) p) 


14227 - 14667 = MG) (æ) - MU (e) 


73474441 -3 = MLS I) e) . MLO (2) 


The polynomials are given in octal notation, e.g., octal 13 stands for binary 001 011 which is the polyomial etaetl. M(x) denotes the minimal 
polynomial of a’, where a is the primitive element of GF(2™) used in Appendix C of [9]. ne is the length of the cyclic code generated by g(x). 


P 
ue 
1 — 
din = 4 
2-24 _| Jere eee se 
-10 | ae 
to dma ee 
r ý Fns 
10729 _ Gain = 8 
10739 4 ---- ¢=1073 
e=1078 
10740 4 T T T ın 
10! 10? 103 104 10° 


Fig. 1. Pue(n) versus n for CRC-24 codes with various minimum distances 


dmin on the BSC’s with e = 107° and 10°. 


below) of undetectable-error probabilities Pue of CRC-24 
codes with various minimum distances at all block lengths. 
Thereby, Pue is given on a quite noisy BSC (crossover 
probability « = 107°) and on a low-noise BSC (crossover 
probability e = 1076). 


B. CRC Codes with 32 Parity Bits 


The code CRC-32/8 was found to be the best CRC-32 code 
of the class of codes whose generator factors into (z + 1)? 
and three distinct irreducible polynomials of degree 10, two 
of order 21° — 1 = 1023, and one of order 341. The generators 
of the codes equivalent to the primitive BCH codes of length 
1023 and dmin = 8, when multiplied with (x + 1), yield CRC- 
32 codes in this class. Hence, by our lemma, this class of 
generator polynomials of degree 32 contains CRC-32 codes 
that satisfy dmin(n) > 8 up to the block length n = 1024. 
The dmin profile of the code CRC-32/8 is listed in Table V, 
together with the dmin profiles of the corresponding CRC-32 
codes suggested by Merkey and Posner [2]. 


TABLE V 
dmin(n) VERSUS n FOR THE Copes CRC-32/8, 
MP-CRC-32/8.1, MP-CRC-32/8.2 


n n n 

dmin CRC-32/8 MP-CRC-32/8.1 MP-CRC-32/8.2 
14 33., 44 
12 45,---, 48 
10 49,---, 98 33,--+. 78 33,-++, 79 
8 99, -- - , 1024 79,- - , 1023 80, - - - , 1023 
4 1025,---, 2046 
2 >2047 >1024 >1024 


The code CRC32/6 is the best code in the class of CRC- 
32 codes whose generator factors into (x + 1)? and two 
distinct primitive polynomials of degree 15, and hence of 
order 2!5 — 1 = 32767. Similarly to the class within which 
CRC-32/8 was selected, this class contains CRC codes whose 
generators are (x + 1) times the generator of primitive BCH 
codes of length 32 767 and dmin = 6. The dmin profile of the 
code CRC-32/6 is contained in Table VI. The codes CRC-32/8 
and CRC-32/6 were both found in a way similar to the search 
for CRC-24/6.1, i.e., by first finding all equivalence classes 
(49) of simple-rood generators of degree 31 whose dmin at 
the cyclic block length was equal to dmin of the BCH code of 
the same rate and length, and then optimizing the dmin profile 
of the resulting augmented degree-32 generators. 

The code CRC-32/5.1 is the optimum Zetterberg code with 
32 parity bits, i.e., it was determined to have dmin = 6 up to 
the largest possible block length among all codes generated 
by an irreducible polynomial of degree 32 and order 216 + 
1 = 65537. Its minimum distance profile is listed in Table VII. 
This table also contains the code CRC-32/5.2, which is the best 
code in the class of CRC-32 codes whose generator polynomial 
g(x) has two irreducible factors of orders 216 — 1 = 65535 
and 65535 or (216 — 1)/3 = 21845, respectively. The code 
CRC-32/5.2 has dmin = 6 up to slightly shorter block lengths 
than CRC-32/5.1, i.e., up to n = 1029 as opposed to n = 1092 
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TABLE VI 
dmin({n) VERSUS n FOR THE CODE CRC-32/6 


dmin CRC-32/6 
20 33 

18 34,---, 35 
16 36 

14 37 

12 38,- --, 43 
10 44,.--, 56 
8 57,---, 306 
6 307, ---, 32768 
4 32769, ---, 65534 
2 >65 535 


TABLE VH 
dmin(m) VERSUS n FOR THE Copes CRC-32/5.1 AND CRC-32/5.2 


dmin IEEE-802 CRC-32/5.2 
17 33, ++, 34 
15 33,--+, 35 
14 35 
13 36,- -, 38 
12 36,---, 49 
11 50,---, 53 39, 52 
10 54 59 53,- , 68 
9 69,---, 80 
8 60,---, 90 81,---, 110 
7 91,---, 113 111,---, 266 
6 114,---, 1092 267,--+, 1029 
5 1093, ---, 65537 1030,---, 65535 
2 > 65 538 > 65 536 


for the code CRC-32/5.1. Note that also for p = 16 [8] and 
p = 24, the best Zetterberg code is slightly better than the best 
code in the corresponding class of CRC codes whose generator 
factors into two irreducible polynomials of the same degree. 

The code CRC-32/4 is the best code that resulted from an 
optimization of the dmin profile of some 47000 CRC codes 
with a generator that factors into (x + 1) times a primitive 
polynomial of degree 31. Since there are 2 - (230 — 1)/31 
primitive polynomials of degree 31 in GF(2)[z], it was im- 
possible to test all CRC codes of this class. Our CRC-32/4 
code has dmin = 6 up to the block length n = 5275. Its dmin 
profile is given in Table VIII. 

The standard code IEEE-802, whose generator polynomial 
was suggested by Hammond et al. [11] and which is used 
in the IEEE 802.3, 4, 5, and 6 protocols (Ethernet, Token 
Passing Bus, Token Ring, and the Metropolitan Area Network) 
as well as in the FDDI protocol, was also investigated for 
reasons of comparison. Its generator is a primitive polynomial 
of degree 32, and thus has dmin = 3 up to ne = 274 — 
1 = 4294967295 ~ 4.3-10°, which safely exceeds any frame 
length ever to be encountered in practice. Its dmin profile is 
contained in Table VIII, and its Pae performance on a quite 
noisy BSC and on a low-noise BSC is given in Fig. 2. The 
ITEEE-802 code was investigated earlier by Fujiwara et al. [12]. 

Table IX contains a list of all CRC codes with 32 parity 
bits that are treated in this paper, and in Fig. 3 we give typical 
values (see Note 1 below) of undetectable-error probabilities 
Pae of CRC-32 codes with various dmin at all block lengths. 
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TABLE VIII 
dmin(1) VERSUS n FOR THE CODES CRC-32/4 AND THE STANDARD IEEE-802 


dnin IEEE-802 CRC-32/4 
18 33 
16 34,--+. 38 
15 33,-++, 42 
14 39,---, 40 
12 43, ---, 44 41,- -, 52 
11 45,-++, 53 
10 54,--++, 66 53,-++, 79 
9 67,---, 89 
8 90,---, 123 80,---, 209 
7 124,---, 203 
6 204,-+-, 300 210,---, 5275 
5 301,---, 3006 
4 3007,---, x? 5276,-.-, Bl —1 
3 r+1,---,2%-1 
z >22 >23! 
az > 64000. 
Pre 
10710 5 
10720 
109739 | 
10740 
10-50 4 
10760 4 
10770 J ---- e=1073 
10780 é€=10 
107% IEEE-802 
107100 J 
107110 | 
107470 4 ln 
10! 10? 10° 104 108 
Fig. 2. Pue(n) versus n for the IEEE-802 code on the BSC’s with 
e = 1073 and 1076. 
P 
ue 
1 = 
-32 = 4 
-10 J2 
R a 
min = 4 
domn = 8 
10720 J m =5 
dinin 8 
10729 4 
: e=1025 
10740 J a =p é=10 
10750 n 
10! 10? 10° 104 10° 
Fig. 3. Puc(n) versus n for CRC-32 codes with various minimum distances 


dmin on the BSC’s with e = 1073 and 107°. 


The values of P,. are given for a quite noisy BSC (crossover 
probability e = 107°) and a low-noise BSC (e = 107°). 
Note 1: In Figs. 1-3, we have presented P,,.(n) as com- 
puted via the dual code’s weight distribution according to 
[13]. The values for Pae have therefore not been obtained 
by any approximation. However, it should be emphasized that 
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TABLE Ix 
GENERATOR POLYNOMIALS g(x) OF THE CRC-32 Cones 


CRC Code ne g(x) Factorization of g(x) 

CRC-32/8 2046 1F1922815 465-557-787 -3-3 = MCP! x). MGP (2). MO) (a) - (Mw) 
MP-CRC-32/8.1 1023 1404098E2 531- 4C9 -747 -3-2 = MG? (x). ME (x). MGP (2) MG (x) -2 
MP-CR-32/8.2 1023 10884C512 42D -463 -7B1-3-2 = MEOD (x) MGE (2) MUDr) MO (2) a 

CRC-32/6 65534 1F6ACFB13 8011 - C85E - 3 -3 = MET (2) - M19) (2) (MDa) 

CRC-32/5.1 65537 1A833982B 1A833982B = 14{}?7 989855) (2) 

CRC-32/5.2 65535 1572D7285 15BAB - 10FEB = MG? (2). 279) (2) 

CRC-32/4 311 11EDC6F41 F5B4253F - 3 = MLP 577445) (2). MSO (a) 

IEEE-802 52 4 104C11DB7 104C11DB7 = MË? (2) 


The polynomials are given in hexadecimal notation, e.g., hex 3B stands for binary 00111011 which is the polyomial gp + rt +r toatl. MY (x) 
denotes the minimal polynomial of a*, where a is the primitive clement of GF'(2™) used in [9, Appendix C]. n is the length of the cyclic code 


generated by g(x). 


in Figs. 1 and 3, we present only “typical values” of Pue: for 
fixed values of e (e = 107? and e = 107°), these figures show 
Pye as a function of the block length n and the minimum 
distance dmin for CRC codes with 24 and 32 parity bits, 
respectively. The presented data on Pue thus do not refer to 
any particular code. We have chosen this representation in 
order to save space. Hence, for specific codes, these data lack 
certain details, i.e., the behavior of Pue at the “jump” points 
of dmin(n). Our investigations have shown that at a “jump” 
point of a given CRC code, its Pue value jumps from the 
lower to the higher level of P,,. displayed in Figs. 1 and 3 in 
a saturation-like manner, as shown in Fig. 2 for IEEE-802. 

Note 2: Since the results on dmin of the various CRC 
codes investigated for this paper have been obtained by a fast 
special-purpose processor, they are comparatively difficult to 
reproduce. It is therefore important to note that our results on 
dmin can be seen to be consistent in all of those cases where the 
minimum distance of a shortened cyclic code is known from 
a different source [7]. Notably, our results for the TEEE-802 
code, whose dmin profile cannot be determined by theoretical 
means, are consistent with the results presented in [12] that 
were computed by a different method, which is particularly 
suited to compute the minimum distance of a CRC code, but 
does not offer any values of Pe. 


IV. CONCLUDING REMARKS 


Our investigations of CRC codes have yielded several 
interesting new codes with 24 and 32 parity bits. In the case 
of 24 parity bits, where so far there has been no standardiza- 
tion, our suggestions should provide a solid basis for future 
standards. We have also found CRC codes with 32 parity bits 
that improve upon earlier suggestions, as well as upon the 
standard IEEE-802. 


In view of the sometimes heuristic approaches that underlay 
previous work in defining CRC codes for error detection, 
the superiority of our codes is not surprising. On the other 
hand, however, it should be observed that it is mainly on low- 
noise channels, for which the standards on the whole perform 
satisfactorily, that our codes improve upon these standards. 
The improvements over the standard codes are due to increases 
of the minimum distance at various block lengths. On very 
noisy channels, e.g., during error bursts, the error-detecting 
capability depends solely on the number of parity bits, which 
is not subject to optimization. We also mention that most 
of the new CRC codes that we have presented in this work 
have been investigated for properness at block lengths up to 
approximately n = 2!° — 1. A CRC code is said to be proper 
at a certain block length n if on BSC’s the probability Pue 
of undetectable errors increases monotonically as a function 
of the crossover probability € € [0, 0.5]. Except for the codes 
CRC-24/5.2 and CRC-32/5.2, all CRC-24 and CRC-32 codes 
were investigated for properness. The codes were checked at 
those block lengths not exceeding n = 215 — 1 that appear in 
the respective tables of Section IH, showing dmin as a function 
of n. Except for the code CRC-24/5.1 at n = 37 and n = 38 
and the code CRC-32/5.1 at n = 113 and n = 114, where 
a slight improperness was detected, as well as for the code 
CRC-32/8, where improperness was detected at n = 2046, 
all of these checks revealed that Pue increases monotonically 
with < for the respective CRC codes and block lengths. 

Whether one should replace an existing standard code 
by one of our codes is both a technical and economical 
question. On new and isolated networks that are not likely 
ever to be coupled to existing nets, it is certainly reasonable 
to choose one of our codes. Moreover, should any future 
specifications require a number of parity bits different from 
24 or 32 and which does not (substantially) exceed 32, then 
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our algorithm together with its implementation on our special- 
purpose processor appears as a reasonable means for obtaining 
a good solution. 
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